← Back to Skills Marketplace

usewhisper

Name: usewhisper
Author: alinxus

by Alinxus · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

820

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install usewhisper

Description

Official Whisper Context skill for OpenClaw. Cuts context tokens via delta compression + caching, and adds long-term memory across sessions.

Usage Guidance

This skill appears coherent with its stated purpose, but review and consider the following before installing: 1) Privacy: ingest_session sends user and assistant text to the remote API—ensure you trust the service and its data-retention policies. 2) Secrets: keep WHISPER_CONTEXT_API_KEY secret and rotate it if needed. 3) Default endpoint: the script defaults to https://context.usewhisper.dev—if you have a different endpoint (self-hosted or internal), set WHISPER_CONTEXT_API_URL. 4) Auto-create behavior: the helper may create projects in your org on first use—be aware it will perform write operations remotely. 5) Review the included whisper-context.mjs script yourself (or have an engineer do so) if you have high security requirements; the code is small and uses only fetch and explicit file/stdin reads.

Capability Analysis

Type: OpenClaw Skill Name: usewhisper Version: 1.0.0 The skill is classified as suspicious due to its capabilities for reading local files and making outbound HTTPS requests to a third-party API. While these actions are explicitly declared in SKILL.md and README.md, and are central to the skill's stated purpose (context compression and memory for AI agents), the ability to read arbitrary local files (via `@path` or stdin `-` in `whisper-context.mjs`) and transmit their content to an external service (`https://context.usewhisper.dev`) presents a significant risk. An AI agent could be susceptible to prompt injection, leading it to read sensitive local files and exfiltrate their contents to the Whisper Context API, even if the API itself is the intended destination. There is no evidence of arbitrary code execution, persistence, or exfiltration to arbitrary, undeclared endpoints, which would elevate it to malicious.

Capability Assessment

✓ Purpose & Capability

Name/description, required binary (node), and required env vars (WHISPER_CONTEXT_API_KEY, WHISPER_CONTEXT_PROJECT) match the declared purpose of calling a remote Whisper Context API. The helper's commands (query_context, ingest_session, memory_* etc.) are directly relevant to context compression, caching, and memory management.

ℹ Instruction Scope

SKILL.md and the included script limit local data access to explicit inputs (flags, @file paths, or stdin). The instructions clearly state that ingest_session will send user and assistant text to the remote Context API — a necessary behavior for long-term memory but a privacy consideration. There are no vague 'gather whatever context you need' directives; behavior is explicit.

✓ Install Mechanism

No install spec is present (instruction-only install via ClawHub is documented), and the package includes a single Node script rather than an archive download or installer. This minimizes filesystem persistence risk compared to arbitrary downloads.

✓ Credentials

The skill requests only an API key and project identifier for the remote service (plus an optional API URL). It does not request unrelated credentials or config paths. The required secret (WHISPER_CONTEXT_API_KEY) is proportionate to its function; SKILL.md explicitly warns to treat this as a secret.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (platform default) but has no unusual persistent privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install usewhisper
After installation, invoke the skill by name or use /usewhisper
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release – introduces Whisper Context skill for OpenClaw. - Enables delta compression and caching of context to reduce API token usage and cost. - Supports long-term memory across sessions for OpenClaw agents. - Provides Node-based helper (`whisper-context.mjs`) with commands: `query_context`, `ingest_session`, `memory_write`, `memory_search`, `oracle_search`, `get_cost_summary`, `cache_stats`, and `cache_warm`. - Allows skill installation via ClawHub and setup via environment variables. - Outlines security and privacy notes for API key handling and data submission.

Metadata

Slug usewhisper

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is usewhisper?

Official Whisper Context skill for OpenClaw. Cuts context tokens via delta compression + caching, and adds long-term memory across sessions. It is an AI Agent Skill for Claude Code / OpenClaw, with 820 downloads so far.

How do I install usewhisper?

Run "/install usewhisper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is usewhisper free?

Yes, usewhisper is completely free (open-source). You can download, install and use it at no cost.

Which platforms does usewhisper support?

usewhisper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created usewhisper?

It is built and maintained by Alinxus (@alinxus); the current version is v1.0.0.

More Skills